package com.eagle.rate.common.util;

import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.taobao.com.Util;

public class AuthorizationInterceptor extends AbstractInterceptor {
	/**
     * 
     */
	private static final long serialVersionUID = 4949812834762901805L;
	private static Log _log = LogFactory.getLog(AuthorizationInterceptor.class);

	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		// 取得请求的Action名
		System.out.println("拦截器=================================");
		/**
		 * 1.授权验证
		 * 2.已经登陆。含有session
		 * 
		 */
		
		
		String name = invocation.getInvocationContext().getName(); // action
		// _log.debug("actionName====================================" + name);
		// System.out.println("actionName===========================" + name);

		// 如果请求授权，跳过session验证
		if (name.equals("auth")) {
			return "auth";
		}

		// 授权验证，跳过session验证(授权页面后的验证)                                                                                                                                                                                                                                                                                               
		if (name.equals("checkAuth")) {
			return invocation.invoke();//正常执行
		}

		Map session = invocation.getInvocationContext().getSession();
		// 正常应用访问用session过滤
		
		
		
		
		// session检测 如果不存在内部访问许可，然会授权页面
		if (!session.containsKey("innerPermission")) {
			return "auth";
		}
		return invocation.invoke();//正常执行
	}
	
	
	
	
	
	
	

	
	
	
	
	
	
	
}